Managing Policies; Modifiable Policy Parameters - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

The parameters listed
Table 88

Modifiable policy parameters

Parameter
Encryption Algorithm
Authentication Algorithm
Security Association lifetime in
seconds
PFS (Perfect Forward Secrecy)
Diffie-Hellman group

Managing policies

Use the policy command to create, delete, and show IKE and IPSec policies.
To create a new policy:
1. Log in to the switch as admin.
2. Issue the policy command to create IKE and IPSec policies:
policy --create type number [-enc encryption_method][-auth
authentication_algorithm] [-pfs off|on] [-dh DH_group] [-seclife secs]
where:
type and number
encryption_method
authentication_algorithm
DH_Group
secs
inTable 88 can be modified:
Description
3DES—168-bit key
AES- 1 28—128-bit key (default)
AES-256—256-bit key
SHA- 1 —Secure Hash Algorithm (default)
MD5—Message Digest 5
AES-XCBC—Used only for IPSec
The lifetime in seconds of the security association. A new
key is renegotiated before seconds expires. Seconds must
be between 28800 to 250000000 or 0. Default is 28800
sec.
Applies only to IKE policies. Choices are On/Off;
default is On.
Group 1—768 bits (default)
Group 14—2048 bits
The type of policy being created (IKE or IPSec) and the number for
this type of policy. To easily determine how many policies have
been created, consider using sequential numbering. The range of
valid values is any whole number from 1 through 32.
The supported type of encryption. Valid options are 3DES,
AES- 1 28, and AES-256. AES- 1 28 is the default.
The authentication algorithm. Valid options are SHA-1, MD5, and
AES-XCBC (IPSec only). SHA- 1 is the default.
The Diffie-Hellman group. Supported groups are Group 1 and
Group 14. Group 1 is the default.
The security association lifetime in seconds. 28800 is the default.
Fabric OS 6.1.x administrator guide 391